Disclosure in accordance with the article 13 of the Regulation (EU) n. 679/2016 2016 General Data Protection Regulation (“GDPR”)


Fondazione Bracco (“Fondazione”) makes you aware that we process your personal data (“Data”) through the website www.fondazionebracco.com (“Site”) or we collect it by means of the on line contract/subscription form (“Form”) available on the Site itself. The Foundation operates in compliance with the prescriptions provided by the personal data protection applicable law (EU Regulation n. 679/2016 “General Data Protection Regulation” – following defined “Regulation” or “GDPR”) and to the Site’s Privacy Policy.


Processing Controller

Fondazione Bracco is the Processing Controller; with headquarter sited in via Cino del Duca 8 - 20122 Milan. You can contact us for any information related to your personal data.

Processed Data

After receiving your consent, we process the personal data that you provide us by filling the contact on line Form/subscription (“Form”). In particular, this data include name, surname, email address, as well as further data that you eventually provide to the Data Controller.

In order to allow us to process the requests that you send through the Form, we need you to agree the processing of the data provided and we need you add at least the mandatory information marked with an asterisk (*). Without the mandatory data or the consent, we will not be able to proceed. Contrarily, the consent and the information for the fields that are not market with an aterisk, are optional: if you decide not to provide them, there will be no consequences.

Moreover, the Data Processor will process data related to images, video shootings and recordings that could eventually depicts you during the event for the purpose of internal communication in the Foundation and/or in Bracco Group, by any means, as well as external communication, by the publication of the data in the press, through advertising and on the social network pages in which the Foundation is present. The processing of those data is mandatory to attend the event and your refusal will imply the impossibility for the Foundation to follow up your request to participate to the event in object.

Anyway, if the law obligations, regulations and the community legislation require it, the Controller could process your Data, even without your consent, this as regard to legal claims, in order to pursue its legitimate interests and for all the cases included, where applicable, in the Articles 6 and 9 of the Regulation.

Processing purposes

Data are processed for the following purposes:

- follow up your request to attend the event, including the preliminary forwarding of communications associated to the same event and the management of the related images and video shootings (purposes A);

- send you Foundation’s or its partners’ promotional and communication material (e.g. newsletters, events related communications, workshops or seminars organized by the Foundation) (purposes B).

Your consent represents the legal basis for the processing of your data for those purposes (Article 6.1 letter a) of the Regulation).

Processing modalities

The Foundation will process the Data by means of electronic or, in any case, telematic and computerized devices, or by manual and paper-based elaborations. The logics of the elaboration will have a strict relation to the above-mentioned purposes of their providing and, in any case, we will operate in a way that ensures security and confidentiality. Internal Foundation’s staff will process the Data and, eventually, to the extent that is necessary and/or instrumental for the above-mentioned purposes. They will have the authorization for this purpose in connection with the performance of their assigned tasks. Third parties acting on behalf of the Foundation will process the data too. Given by the case, they will act as autonomous Controllers, Co-Controllers or Processors that have a designation in accordance with the Article 28 of GDPR (e.g. Foundation’s initiatives partners, service provider, shippers, dispatchers, computer services maintainers, other suppliers the Foundation could involve to execute the above-mentioned purposes, Bracco’s Group societies).

All the data recipients will only receive data useful to dispatch the related functions and they will commit to use them for the above-mentioned purposes only and to process them in accordance with the applicable law. With the exception of the above mentioned, we will not share data with third parties, natural and legal persons which are performing no commercial, professional and/or technical functions on behalf of the Controller, nevertheless we will not disclose the data.

As regard to the possible data transfer towards Third countries, including countries that may not ensure the same level of protection as the data protection legislation requires (i.e. extra EU countries); the Controller makes you known that the processing will still occur. This, given by the cases, in accordance with one or more of the modalities allowed by the Regulation. For example, the user’s explicitly given consent, the adoption of Standard Contractual Clauses that have been approved by the European Commission, the selection of subjects involved in international programs for the free movement of data, (e.g. EU-USA Privacy Shield) or that are active in countries considered as safe by the European Commission.

The data recipient list is available by making a request to the Controller using the contacts indicated in the current policy.

Period for which the personal data will be stored

In compliance with what the Article 5.1. (c) of the Regulation prescribe, the informative systems and computer programs used by the Foundation, are configured in a way that minimizes the need for personal and identification data; such data shall only be processed to the extent that is necessary in order to attain the purposes set forth in this Policy. The data will be stored for the period that is strictly necessary in order to achieve the concrete objectives pursued. Anyway, the criteria used to determine the period of storage has his base in the compliance with the applicable laws and to the processing minimization principle as well as the storage limitation and the rational management of archives.


Rights of data subjects

The user may anytime exercise the rights in accordance with the Articles 15-22 of the Regulation, including the right to have a confirmation on the existence of his personal data. The user can verify the content, origin, accuracy, location (as also regard to Third countries) of the data. He may ask for a copy of the data as well as its rectification and, in accordance with the applicable law, the restriction of the processing as well as the erasure of the data and he can also object to the direct contact activities (even specifically for certain means of communication). Similarly, the user may always withdraw the consent and/or make observations on specified data usages as regard to particular personal situations, which the user believes are not fair or that are not justified by the relationship put in place. He may also lodge a complaint with the Supervisory Authority.

For any of the requests as regard to the Foundation’s data processing process the user may contact the Controller sending an email to This email address is being protected from spambots. You need JavaScript enabled to view it. or to the following ordinary mail address: Fondazione Bracco, via Cino del Duca 8, 20122 Milano, Italia. This in order to exercise the rights recognized by the applicable law, as well to get the updated list of the subjects accessing the data.

Follow Fondazione Bracco
on Instagram